Nixpkgs security tracker

Untriaged

Permalink CVE-2021-47865

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 4 months ago Activity log

Created suggestion 4 months ago

ProFTPD 1.3.7a - Remote Denial of Service

ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading to exhaust server connection limits and block legitimate user access.

References

ExploitDB-49697 exploit
ProFTPD Official Website product
ProFTPD GitHub Repository product
VulnCheck Advisory: ProFTPD 1.3.7a - Remote Denial of Service third-party-advisory
ProFTPD GitHub Repository issue-tracking

Affected products

ProFTPD

==1.3.7a

Matching in nixpkgs

pkgs.proftpd

Highly configurable GPL-licensed FTP server software

nixos-unstable 1.3.9
- nixpkgs-unstable 1.3.9
- nixos-unstable-small 1.3.9

Package maintainers

@dpausp Tobias Stenzel <dpausp@posteo.de>
@ctheune Christian Theune <ct@flyingcircus.io>
@osnyx Oliver Schmidt <os@flyingcircus.io>
@leona-ya Leona Maroni <nix@leona.is>
@frlan Frank Lanitz <frank@frank.uvena.de>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.proftpd

Package maintainers